Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cisco
  • Expressway

Configuration 1 [-]

cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3 cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-02-07T16:15:25.666Z

Updated: 2024-08-22T18:53:32.471Z

Reserved: 2023-11-08T15:08:07.622Z

Link: CVE-2024-20254

cve-icon Vulnrichment

Updated: 2024-08-01T21:52:38.971Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-07T17:15:10.130

Modified: 2024-02-15T15:54:33.153

Link: CVE-2024-20254

cve-icon Redhat

No data.